From 68c5f6fa985c9ea5ef2ff52ccee75b26741fea27 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Mon, 7 Apr 2003 10:15:18 +0000 Subject: [PATCH] Cleanup ENABLE_REWRITE ifdefs, put into a new ldap_back_dn_massage(). All DN attrs are massaged, whether or not ENABLE_REWRITE is defined. Use "dnAttr" rewriteContext for Add, Compare, & Modify. Fixed ldap_back_compare. --- servers/slapd/back-ldap/add.c | 127 +++----------- servers/slapd/back-ldap/back-ldap.h | 19 ++- servers/slapd/back-ldap/bind.c | 152 ++++++----------- servers/slapd/back-ldap/compare.c | 65 ++++---- servers/slapd/back-ldap/delete.c | 38 ++--- servers/slapd/back-ldap/extended.c | 39 ++--- servers/slapd/back-ldap/init.c | 1 + servers/slapd/back-ldap/modify.c | 52 ++---- servers/slapd/back-ldap/modrdn.c | 86 +++------- servers/slapd/back-ldap/search.c | 211 ++++++------------------ servers/slapd/back-ldap/suffixmassage.c | 141 +++++++++++----- 11 files changed, 328 insertions(+), 603 deletions(-) diff --git a/servers/slapd/back-ldap/add.c b/servers/slapd/back-ldap/add.c index eeba3763b2..3244c0b12f 100644 --- a/servers/slapd/back-ldap/add.c +++ b/servers/slapd/back-ldap/add.c @@ -58,6 +58,7 @@ ldap_back_add( struct berval mapped; struct berval mdn = { 0, NULL }; ber_int_t msgid; + dncookie dc; #ifdef NEW_LOGGING LDAP_LOG( BACK_LDAP, ENTRY, "ldap_back_add: %s\n", op->o_req_dn.bv_val, 0, 0 ); @@ -73,37 +74,19 @@ ldap_back_add( /* * Rewrite the add dn, if needed */ + dc.li = li; #ifdef ENABLE_REWRITE - switch (rewrite_session( li->rwinfo, "addDn", op->o_req_dn.bv_val, op->o_conn, - &mdn.bv_val )) { - case REWRITE_REGEXEC_OK: - if ( mdn.bv_val != NULL && mdn.bv_val[ 0 ] != '\0' ) { - mdn.bv_len = strlen( mdn.bv_val ); - } else { - mdn = op->o_req_dn; - } -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDAP, DETAIL1, - "[rw] addDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 ); -#else /* !NEW_LOGGING */ - Debug( LDAP_DEBUG_ARGS, "rw> addDn: \"%s\" -> \"%s\"\n%s", - op->o_req_dn.bv_val, mdn.bv_val, "" ); -#endif /* !NEW_LOGGING */ - break; - - case REWRITE_REGEXEC_UNWILLING: - send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "Operation not allowed" ); - return( -1 ); - - case REWRITE_REGEXEC_ERR: - send_ldap_error( op, rs, LDAP_OTHER, - "Rewrite error" ); - return( -1 ); + dc.conn = op->o_conn; + dc.rs = rs; + dc.ctx = "addDn"; +#else + dc.tofrom = 1; + dc.normalized = 0; +#endif + if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) { + send_ldap_result( op, rs ); + return -1; } -#else /* !ENABLE_REWRITE */ - ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 ); -#endif /* !ENABLE_REWRITE */ /* Count number of attributes in entry */ for (i = 1, a = op->oq_add.rs_e->e_attrs; a; i++, a = a->a_next) @@ -113,25 +96,6 @@ ldap_back_add( attrs = (LDAPMod **)ch_malloc(sizeof(LDAPMod *)*i); for (i=0, a=op->oq_add.rs_e->e_attrs; a; a=a->a_next) { - /* - * lastmod should always be , so that - * creation/modification operational attrs - * of the target directory are used, if available - */ -#if 0 - if ( !strcasecmp( a->a_desc->ad_cname.bv_val, - slap_schema.si_ad_creatorsName->ad_cname.bv_val ) - || !strcasecmp( a->a_desc->ad_cname.bv_val, - slap_schema.si_ad_createTimestamp->ad_cname.bv_val ) - || !strcasecmp( a->a_desc->ad_cname.bv_val, - slap_schema.si_ad_modifiersName->ad_cname.bv_val ) - || !strcasecmp( a->a_desc->ad_cname.bv_val, - slap_schema.si_ad_modifyTimestamp->ad_cname.bv_val ) - ) { - continue; - } -#endif - if ( a->a_desc->ad_type->sat_no_user_mod ) { continue; } @@ -150,20 +114,14 @@ ldap_back_add( attrs[i]->mod_op = LDAP_MOD_BVALUES; attrs[i]->mod_type = mapped.bv_val; -#ifdef ENABLE_REWRITE - /* - * FIXME: dn-valued attrs should be rewritten - * to allow their use in ACLs at back-ldap level. - */ - if ( strcmp( a->a_desc->ad_type->sat_syntax->ssyn_oid, - SLAPD_DN_SYNTAX ) == 0 ) { + if ( a->a_desc->ad_type->sat_syntax == + slap_schema.si_syn_distinguishedName ) { /* * FIXME: rewrite could fail; in this case * the operation should give up, right? */ - (void)ldap_dnattr_rewrite( li->rwinfo, a->a_vals, op->o_conn ); + (void)ldap_dnattr_rewrite( &dc, a->a_vals ); } -#endif /* ENABLE_REWRITE */ for (j=0; a->a_vals[j].bv_val; j++); attrs[i]->mod_vals.modv_bvals = ch_malloc((j+1)*sizeof(struct berval *)); @@ -188,59 +146,26 @@ ldap_back_add( return ldap_back_op_result( lc, op, rs, msgid, 1 ) != LDAP_SUCCESS; } -#ifdef ENABLE_REWRITE int ldap_dnattr_rewrite( - struct rewrite_info *rwinfo, - BerVarray a_vals, - void *cookie + dncookie *dc, + BerVarray a_vals ) { - char *mattr; - + struct berval bv; + +#ifdef ENABLE_REWRITE + dc->ctx="dnAttr"; +#endif for ( ; a_vals->bv_val != NULL; a_vals++ ) { - switch ( rewrite_session( rwinfo, "bindDn", a_vals->bv_val, - cookie, &mattr )) { - case REWRITE_REGEXEC_OK: - if ( mattr == NULL ) { - /* no substitution */ - continue; - } -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDAP, DETAIL1, - "[rw] bindDn (in add of dn-valued" - " attr): \"%s\" -> \"%s\"\n", a_vals->bv_val, mattr, 0 ); -#else /* !NEW_LOGGING */ - Debug( LDAP_DEBUG_ARGS, - "rw> bindDn (in add of dn-valued attr):" - " \"%s\" -> \"%s\"\n%s", - a_vals->bv_val, mattr, "" ); -#endif /* !NEW_LOGGING */ + ldap_back_dn_massage( dc, a_vals, &bv ); - /* - * FIXME: replacing server-allocated memory - * (ch_malloc) with librewrite allocated memory - * (malloc) - */ + /* leave attr untouched if massage failed */ + if ( bv.bv_val && bv.bv_val != a_vals->bv_val ) { ch_free( a_vals->bv_val ); - a_vals->bv_val = mattr; - a_vals->bv_len = strlen( mattr ); - - break; - - case REWRITE_REGEXEC_UNWILLING: - - case REWRITE_REGEXEC_ERR: - /* - * FIXME: better give up, - * skip the attribute - * or leave it untouched? - */ - break; + *a_vals = bv; } } return 0; } -#endif /* ENABLE_REWRITE */ - diff --git a/servers/slapd/back-ldap/back-ldap.h b/servers/slapd/back-ldap/back-ldap.h index 2436177c9b..49592cf1df 100644 --- a/servers/slapd/back-ldap/back-ldap.h +++ b/servers/slapd/back-ldap/back-ldap.h @@ -98,8 +98,21 @@ int ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs, ber_int_t msgid, int sendok); int back_ldap_LTX_init_module(int argc, char *argv[]); -void ldap_back_dn_massage(struct ldapinfo *li, struct berval *dn, - struct berval *res, int normalized, int tofrom); +/* Whatever context ldap_back_dn_massage needs... */ +typedef struct dncookie { + struct ldapinfo *li; +#ifdef ENABLE_REWRITE + Connection *conn; + char *ctx; + SlapReply *rs; +#else + int normalized; + int tofrom; +#endif +} dncookie; + +int ldap_back_dn_massage(dncookie *dc, struct berval *dn, + struct berval *res); extern int ldap_back_conn_cmp( const void *c1, const void *c2); extern int ldap_back_conn_dup( void *c1, void *c2 ); @@ -157,8 +170,8 @@ ldap_back_filter_map_rewrite_( extern int suffix_massage_config( struct rewrite_info *info, struct berval *pvnc, struct berval *nvnc, struct berval *prnc, struct berval *nrnc); -extern int ldap_dnattr_rewrite( struct rewrite_info *rwinfo, BerVarray a_vals, void *cookie ); #endif /* ENABLE_REWRITE */ +extern int ldap_dnattr_rewrite( dncookie *dc, BerVarray a_vals ); LDAP_END_DECL diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c index 0212351faa..3ba1eb8889 100644 --- a/servers/slapd/back-ldap/bind.c +++ b/servers/slapd/back-ldap/bind.c @@ -62,6 +62,7 @@ ldap_back_bind( struct berval mdn = { 0, NULL }; int rc = 0; ber_int_t msgid; + dncookie dc; lc = ldap_back_getconn(op, rs); if ( !lc ) { @@ -71,40 +72,19 @@ ldap_back_bind( /* * Rewrite the bind dn if needed */ + dc.li = li; #ifdef ENABLE_REWRITE - switch ( rewrite_session( li->rwinfo, "bindDn", - op->o_req_dn.bv_val, - op->o_conn, &mdn.bv_val ) ) { - case REWRITE_REGEXEC_OK: - if ( mdn.bv_val == NULL ) { - mdn = op->o_req_dn; - } else { - mdn.bv_len = strlen( mdn.bv_val ); - } - -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDAP, DETAIL1, - "[rw] bindDn: \"%s\" -> \"%s\"\n", - op->o_req_dn.bv_val, mdn.bv_val, 0 ); -#else /* !NEW_LOGGING */ - Debug( LDAP_DEBUG_ARGS, "rw> bindDn: \"%s\" -> \"%s\"\n", - op->o_req_dn.bv_val, mdn.bv_val, 0 ); -#endif /* !NEW_LOGGING */ - break; - - case REWRITE_REGEXEC_UNWILLING: - send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "Operation not allowed" ); - return( -1 ); - - case REWRITE_REGEXEC_ERR: - send_ldap_error( op, rs, LDAP_OTHER, - "Rewrite error" ); - return( -1 ); + dc.conn = op->o_conn; + dc.rs = rs; + dc.ctx = "bindDn"; +#else + dc.tofrom = 1; + dc.normalized = 0; +#endif + if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) { + send_ldap_result( op, rs ); + return -1; } -#else /* !ENABLE_REWRITE */ - ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 ); -#endif /* !ENABLE_REWRITE */ if ( lc->bound_dn.bv_val ) { ch_free( lc->bound_dn.bv_val ); @@ -276,7 +256,7 @@ ldap_back_getconn(Operation *op, SlapReply *rs) /* Looks like we didn't get a bind. Open a new session... */ if (!lc) { - int vers = op->o_conn->c_protocol; + int vers = op->o_protocol; rs->sr_err = ldap_initialize(&ld, li->url); if (rs->sr_err != LDAP_SUCCESS) { @@ -284,7 +264,7 @@ ldap_back_getconn(Operation *op, SlapReply *rs) if (rs->sr_text == NULL) { rs->sr_text = "ldap_initialize() failed"; } - send_ldap_result( op, rs ); + if (op->o_conn) send_ldap_result( op, rs ); rs->sr_text = NULL; return( NULL ); } @@ -320,67 +300,37 @@ ldap_back_getconn(Operation *op, SlapReply *rs) } else { lc->cred.bv_len = 0; lc->cred.bv_val = NULL; + lc->bound_dn.bv_val = NULL; + lc->bound_dn.bv_len = 0; if ( op->o_conn->c_dn.bv_len != 0 && ( op->o_bd == op->o_conn->c_authz_backend ) ) { + dncookie dc; + struct berval bv; + /* * Rewrite the bind dn if needed */ -#ifdef ENABLE_REWRITE - lc->bound_dn.bv_val = NULL; - lc->bound_dn.bv_len = 0; - switch ( rewrite_session( li->rwinfo, "bindDn", - op->o_conn->c_dn.bv_val, - op->o_conn, - &lc->bound_dn.bv_val ) ) { - case REWRITE_REGEXEC_OK: - if ( lc->bound_dn.bv_val == NULL ) { - ber_dupbv( &lc->bound_dn, - &op->o_conn->c_dn ); - } else { - lc->bound_dn.bv_len = strlen( lc->bound_dn.bv_val ); - } -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDAP, DETAIL1, - "[rw] bindDn: \"%s\" ->" - " \"%s\"\n", - op->o_conn->c_dn.bv_val, - lc->bound_dn.bv_val, 0 ); -#else /* !NEW_LOGGING */ - Debug( LDAP_DEBUG_ARGS, - "rw> bindDn: \"%s\" ->" - " \"%s\"\n", - op->o_conn->c_dn.bv_val, - lc->bound_dn.bv_val, 0 ); -#endif /* !NEW_LOGGING */ - break; - - case REWRITE_REGEXEC_UNWILLING: - send_ldap_error( op, rs, - LDAP_UNWILLING_TO_PERFORM, - "Operation not allowed" ); - return( NULL ); - - case REWRITE_REGEXEC_ERR: - send_ldap_error( op, rs, - LDAP_OTHER, - "Rewrite error" ); - return( NULL ); + dc.li = li; +#ifdef ENABLE_REWRITE + dc.conn = op->o_conn; + dc.rs = rs; + dc.ctx = "bindDn"; +#else + dc.tofrom = 1; + dc.normalized = 0; +#endif + + if ( ldap_back_dn_massage( &dc, &op->o_conn->c_dn, &bv ) ) { + if (op->o_conn) send_ldap_result( op, rs ); + return NULL; } -#else /* !ENABLE_REWRITE */ - struct berval bv; - ldap_back_dn_massage( li, &op->o_conn->c_dn, &bv, 0, 1 ); if ( bv.bv_val == op->o_conn->c_dn.bv_val ) { ber_dupbv( &lc->bound_dn, &bv ); } else { lc->bound_dn = bv; } -#endif /* !ENABLE_REWRITE */ - - } else { - lc->bound_dn.bv_val = NULL; - lc->bound_dn.bv_len = 0; } } @@ -408,8 +358,10 @@ ldap_back_getconn(Operation *op, SlapReply *rs) /* Err could be -1 in case a duplicate ldapconn is inserted */ if ( rs->sr_err != 0 ) { ldap_back_conn_free( lc ); - send_ldap_error( op, rs, LDAP_OTHER, - "internal server error" ); + if (op->o_conn) { + send_ldap_error( op, rs, LDAP_OTHER, + "internal server error" ); + } return( NULL ); } } else { @@ -546,27 +498,23 @@ ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs, rs->sr_err = ldap_back_map_result(rs); /* internal ops must not reply to client */ - if ( op->o_conn && !op->o_do_not_cache ) { + if ( op->o_conn && !op->o_do_not_cache && match ) { + struct berval dn, mdn; + dncookie dc; + + dc.li = li; #ifdef ENABLE_REWRITE - if (match) { - - switch(rewrite_session(li->rwinfo, "matchedDn", match, op->o_conn, - (char **)&rs->sr_matched)) { - case REWRITE_REGEXEC_OK: - if (!rs->sr_matched) rs->sr_matched = match; break; - case REWRITE_REGEXEC_UNWILLING: - case REWRITE_REGEXEC_ERR: - break; - } - } + dc.conn = op->o_conn; + dc.rs = rs; + dc.ctx = "matchedDn"; #else - struct berval dn, mdn; - if (match) { - ber_str2bv(match, 0, 0, &dn); - ldap_back_dn_massage(li, &dn, &mdn, 0, 0); - rs->sr_matched = mdn.bv_val; - } + dc.tofrom = 0; + dc.normalized = 0; #endif + ber_str2bv(match, 0, 0, &dn); + ldap_back_dn_massage(&dc, &dn, &mdn); + rs->sr_matched = mdn.bv_val; + } } if (op->o_conn && (sendok || rs->sr_err != LDAP_SUCCESS)) { diff --git a/servers/slapd/back-ldap/compare.c b/servers/slapd/back-ldap/compare.c index 14e7f1ce28..966b9188c7 100644 --- a/servers/slapd/back-ldap/compare.c +++ b/servers/slapd/back-ldap/compare.c @@ -52,9 +52,11 @@ ldap_back_compare( { struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private; struct ldapconn *lc; - struct berval mapped_oc, mapped_at; + struct berval mapped_at, mapped_val; struct berval mdn = { 0, NULL }; ber_int_t msgid; + int freeval = 0; + dncookie dc; lc = ldap_back_getconn(op, rs); if (!lc || !ldap_back_dobind( lc, op, rs ) ) { @@ -64,55 +66,46 @@ ldap_back_compare( /* * Rewrite the compare dn, if needed */ + dc.li = li; #ifdef ENABLE_REWRITE - switch ( rewrite_session( li->rwinfo, "compareDn", op->o_req_dn.bv_val, op->o_conn, &mdn.bv_val ) ) { - case REWRITE_REGEXEC_OK: - if ( mdn.bv_val == NULL ) { - mdn.bv_val = ( char * )op->o_req_dn.bv_val; - } -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDAP, DETAIL1, - "[rw] compareDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 ); -#else /* !NEW_LOGGING */ - Debug( LDAP_DEBUG_ARGS, "rw> compareDn: \"%s\" -> \"%s\"\n%s", - op->o_req_dn.bv_val, mdn.bv_val, "" ); -#endif /* !NEW_LOGGING */ - break; - - case REWRITE_REGEXEC_UNWILLING: - send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "Operation not allowed" ); - return( -1 ); - - case REWRITE_REGEXEC_ERR: - send_ldap_error( op, rs, LDAP_OTHER, - "Rewrite error" ); - return( -1 ); + dc.conn = op->o_conn; + dc.rs = rs; + dc.ctx = "compareDn"; +#else + dc.tofrom = 1; + dc.normalized = 0; +#endif + if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) { + send_ldap_result( op, rs ); + return -1; } -#else /* !ENABLE_REWRITE */ - ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 ); - if ( mdn.bv_val == NULL ) { - return -1; - } -#endif /* !ENABLE_REWRITE */ if ( op->oq_compare.rs_ava->aa_desc == slap_schema.si_ad_objectClass ) { - ldap_back_map(&li->oc_map, &op->oq_compare.rs_ava->aa_desc->ad_cname, &mapped_oc, + ldap_back_map(&li->oc_map, &op->orc_ava->aa_value, &mapped_val, BACKLDAP_MAP); - if (mapped_oc.bv_val == NULL || mapped_oc.bv_val[0] == '\0') { + if (mapped_val.bv_val == NULL || mapped_val.bv_val[0] == '\0') { return( -1 ); } - + mapped_at = op->orc_ava->aa_desc->ad_cname; } else { - ldap_back_map(&li->at_map, &op->oq_compare.rs_ava->aa_value, &mapped_at, + ldap_back_map(&li->at_map, &op->orc_ava->aa_desc->ad_cname, &mapped_at, BACKLDAP_MAP); if (mapped_at.bv_val == NULL || mapped_at.bv_val[0] == '\0') { return( -1 ); } + if (op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) { +#ifdef ENABLE_REWRITE + dc.ctx = "dnAttr"; +#endif + ldap_back_dn_massage( &dc, &op->orc_ava->aa_value, &mapped_val ); + if (mapped_val.bv_val == NULL || mapped_val.bv_val[0] == '\0') { + mapped_val = op->orc_ava->aa_value; + } + } } - rs->sr_err = ldap_compare_ext( lc->ld, mdn.bv_val, mapped_oc.bv_val, - &mapped_at, op->o_ctrls, NULL, &msgid ); + rs->sr_err = ldap_compare_ext( lc->ld, mdn.bv_val, mapped_at.bv_val, + &mapped_val, op->o_ctrls, NULL, &msgid ); if ( mdn.bv_val != op->o_req_dn.bv_val ) { free( mdn.bv_val ); diff --git a/servers/slapd/back-ldap/delete.c b/servers/slapd/back-ldap/delete.c index 5b99c624bf..c48ae217cc 100644 --- a/servers/slapd/back-ldap/delete.c +++ b/servers/slapd/back-ldap/delete.c @@ -53,6 +53,7 @@ ldap_back_delete( struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private; struct ldapconn *lc; ber_int_t msgid; + dncookie dc; struct berval mdn = { 0, NULL }; @@ -65,34 +66,19 @@ ldap_back_delete( /* * Rewrite the request dn, if needed */ + dc.li = li; #ifdef ENABLE_REWRITE - switch ( rewrite_session( li->rwinfo, "deleteDn", op->o_req_dn.bv_val, op->o_conn, &mdn.bv_val ) ) { - case REWRITE_REGEXEC_OK: - if ( mdn.bv_val == NULL ) { - mdn.bv_val = ( char * )op->o_req_dn.bv_val; - } -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDAP, DETAIL1, - "[rw] deleteDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 ); -#else /* !NEW_LOGGING */ - Debug( LDAP_DEBUG_ARGS, "rw> deleteDn: \"%s\" -> \"%s\"\n%s", - op->o_req_dn.bv_val, mdn.bv_val, "" ); -#endif /* !NEW_LOGGING */ - break; - - case REWRITE_REGEXEC_UNWILLING: - send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "Operation not allowed" ); - return( -1 ); - - case REWRITE_REGEXEC_ERR: - send_ldap_error( op, rs, LDAP_OTHER, - "Rewrite error" ); - return( -1 ); + dc.conn = op->o_conn; + dc.rs = rs; + dc.ctx = "deleteDn"; +#else + dc.tofrom = 1; + dc.normalized = 0; +#endif + if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) { + send_ldap_result( op, rs ); + return -1; } -#else /* !ENABLE_REWRITE */ - ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 ); -#endif /* !ENABLE_REWRITE */ rs->sr_err = ldap_delete_ext( lc->ld, mdn.bv_val, op->o_ctrls, NULL, &msgid ); diff --git a/servers/slapd/back-ldap/extended.c b/servers/slapd/back-ldap/extended.c index 3673800fa2..8f643e1c93 100644 --- a/servers/slapd/back-ldap/extended.c +++ b/servers/slapd/back-ldap/extended.c @@ -55,6 +55,7 @@ ldap_back_exop_passwd( LDAPMessage *res; ber_int_t msgid; int rc; + dncookie dc; lc = ldap_back_getconn(op, rs); if (!lc || !ldap_back_dobind(lc, op, rs) ) { @@ -84,35 +85,19 @@ ldap_back_exop_passwd( return LDAP_UNWILLING_TO_PERFORM; } if (id.bv_len) { + dc.li = li; #ifdef ENABLE_REWRITE - switch ( rewrite_session( li->rwinfo, "modifyPwd", dn.bv_val, op->o_conn, &mdn.bv_val ) ) { - case REWRITE_REGEXEC_OK: - if ( mdn.bv_val == NULL ) { - mdn.bv_val = dn.bv_val; - } - mdn.bv_len = strlen(mdn.bv_val); -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDAP, DETAIL1, - "[rw] modifyPwd: \"%s\" -> \"%s\"\n", dn.bv_val, mdn.bv_val, 0 ); -#else /* !NEW_LOGGING */ - Debug( LDAP_DEBUG_ARGS, "rw> modifyPwd: \"%s\" -> \"%s\"\n%s", - dn.bv_val, mdn.bv_val, "" ); -#endif /* !NEW_LOGGING */ - break; - - case REWRITE_REGEXEC_UNWILLING: - send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "Operation not allowed" ); - return( -1 ); - - case REWRITE_REGEXEC_ERR: - send_ldap_error( op, rs, LDAP_OTHER, - "Rewrite error" ); - return( -1 ); + dc.conn = op->o_conn; + dc.rs = rs; + dc.ctx = "modifyPwd"; +#else + dc.tofrom = 1; + dc.normalized = 0; +#endif + if ( ldap_back_dn_massage( &dc, &dn, &mdn ) ) { + send_ldap_result( op, rs ); + return -1; } -#else /* !ENABLE_REWRITE */ - ldap_back_dn_massage( li, &dn, &mdn, 0, 1 ); -#endif /* !ENABLE_REWRITE */ } rc = ldap_passwd(lc->ld, id.bv_len ? &mdn : NULL, old.bv_len ? &old : NULL, diff --git a/servers/slapd/back-ldap/init.c b/servers/slapd/back-ldap/init.c index 3beaec8d57..f0fbb962e3 100644 --- a/servers/slapd/back-ldap/init.c +++ b/servers/slapd/back-ldap/init.c @@ -130,6 +130,7 @@ ldap_back_db_init( li->be = be; be->be_private = li; + be->be_flags |= SLAP_BFLAG_NOLASTMOD; return 0; } diff --git a/servers/slapd/back-ldap/modify.c b/servers/slapd/back-ldap/modify.c index 1001c1891d..2e1e61a8ab 100644 --- a/servers/slapd/back-ldap/modify.c +++ b/servers/slapd/back-ldap/modify.c @@ -59,6 +59,7 @@ ldap_back_modify( struct berval mapped; struct berval mdn = { 0, NULL }; ber_int_t msgid; + dncookie dc; lc = ldap_back_getconn(op, rs); if ( !lc || !ldap_back_dobind( lc, op, rs ) ) { @@ -68,34 +69,19 @@ ldap_back_modify( /* * Rewrite the modify dn, if needed */ + dc.li = li; #ifdef ENABLE_REWRITE - switch ( rewrite_session( li->rwinfo, "modifyDn", op->o_req_dn.bv_val, op->o_conn, &mdn.bv_val ) ) { - case REWRITE_REGEXEC_OK: - if ( mdn.bv_val == NULL ) { - mdn.bv_val = ( char * )op->o_req_dn.bv_val; - } -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDAP, DETAIL1, - "[rw] modifyDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 ); -#else /* !NEW_LOGGING */ - Debug( LDAP_DEBUG_ARGS, "rw> modifyDn: \"%s\" -> \"%s\"\n%s", - op->o_req_dn.bv_val, mdn.bv_val, "" ); -#endif /* !NEW_LOGGING */ - break; - - case REWRITE_REGEXEC_UNWILLING: - send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "Operation not allowed" ); - return( -1 ); - - case REWRITE_REGEXEC_ERR: - send_ldap_error( op, rs, LDAP_OTHER, - "Rewrite error" ); - return( -1 ); + dc.conn = op->o_conn; + dc.rs = rs; + dc.ctx = "modifyDn"; +#else + dc.tofrom = 1; + dc.normalized = 0; +#endif + if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) { + send_ldap_result( op, rs ); + return -1; } -#else /* !ENABLE_REWRITE */ - ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 ); -#endif /* !ENABLE_REWRITE */ for (i=0, ml=op->oq_modify.rs_modlist; ml; i++,ml=ml->sml_next) ; @@ -126,18 +112,10 @@ ldap_back_modify( mods[i].mod_op = ml->sml_op | LDAP_MOD_BVALUES; mods[i].mod_type = mapped.bv_val; -#ifdef ENABLE_REWRITE - /* - * FIXME: dn-valued attrs should be rewritten - * to allow their use in ACLs at the back-ldap - * level. - */ - if ( strcmp( ml->sml_desc->ad_type->sat_syntax->ssyn_oid, - SLAPD_DN_SYNTAX ) == 0 ) { - ldap_dnattr_rewrite( li->rwinfo, - ml->sml_bvalues, op->o_conn ); + if ( ml->sml_desc->ad_type->sat_syntax == + slap_schema.si_syn_distinguishedName ) { + ldap_dnattr_rewrite( &dc, ml->sml_bvalues ); } -#endif /* ENABLE_REWRITE */ if ( ml->sml_bvalues != NULL ) { for (j = 0; ml->sml_bvalues[j].bv_val; j++); diff --git a/servers/slapd/back-ldap/modrdn.c b/servers/slapd/back-ldap/modrdn.c index 54ec32430f..27a87ef075 100644 --- a/servers/slapd/back-ldap/modrdn.c +++ b/servers/slapd/back-ldap/modrdn.c @@ -53,6 +53,7 @@ ldap_back_modrdn( struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private; struct ldapconn *lc; ber_int_t msgid; + dncookie dc; struct berval mdn = { 0, NULL }, mnewSuperior = { 0, NULL }; @@ -61,7 +62,15 @@ ldap_back_modrdn( return( -1 ); } - if (op->oq_modrdn.rs_newSup) { + dc.li = li; +#ifdef ENABLE_REWRITE + dc.conn = op->o_conn; + dc.rs = rs; +#else + dc.tofrom = 1; + dc.normalized = 0; +#endif + if (op->orr_newSup) { int version = LDAP_VERSION3; ldap_set_option( lc->ld, LDAP_OPT_PROTOCOL_VERSION, &version); @@ -69,76 +78,29 @@ ldap_back_modrdn( * Rewrite the new superior, if defined and required */ #ifdef ENABLE_REWRITE - switch ( rewrite_session( li->rwinfo, "newSuperiorDn", - op->oq_modrdn.rs_newSup->bv_val, op->o_conn, &mnewSuperior.bv_val ) ) { - case REWRITE_REGEXEC_OK: - if ( mnewSuperior.bv_val == NULL ) { - mnewSuperior.bv_val = ( char * )op->oq_modrdn.rs_newSup->bv_val; - } -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDAP, DETAIL1, - "[rw] newSuperiorDn:" " \"%s\" -> \"%s\"\n", - op->oq_modrdn.rs_newSup->bv_val, mnewSuperior.bv_val, 0 ); -#else /* !NEW_LOGGING */ - Debug( LDAP_DEBUG_ARGS, "rw> newSuperiorDn:" - " \"%s\" -> \"%s\"\n%s", - op->oq_modrdn.rs_newSup->bv_val, mnewSuperior.bv_val, "" ); -#endif /* !NEW_LOGGING */ - break; - - case REWRITE_REGEXEC_UNWILLING: - send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "Operation not allowed" ); - return( -1 ); - - case REWRITE_REGEXEC_ERR: - send_ldap_error( op, rs, LDAP_OTHER, - "Rewrite error" ); - return( -1 ); + dc.ctx = "newSuperiorDn"; +#endif + if ( ldap_back_dn_massage( &dc, op->orr_newSup, + &mnewSuperior ) ) { + send_ldap_result( op, rs ); + return -1; } -#else /* !ENABLE_REWRITE */ - ldap_back_dn_massage( li, op->oq_modrdn.rs_newSup, &mnewSuperior, 0, 1 ); - if ( mnewSuperior.bv_val == NULL ) { - return( -1 ); - } -#endif /* !ENABLE_REWRITE */ } -#ifdef ENABLE_REWRITE /* * Rewrite the modrdn dn, if required */ - switch ( rewrite_session( li->rwinfo, "modrDn", op->o_req_dn.bv_val, op->o_conn, &mdn.bv_val ) ) { - case REWRITE_REGEXEC_OK: - if ( mdn.bv_val == NULL ) { - mdn.bv_val = ( char * )op->o_req_dn.bv_val; - } -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDAP, DETAIL1, - "[rw] modrDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 ); -#else /* !NEW_LOGGING */ - Debug( LDAP_DEBUG_ARGS, "rw> modrDn: \"%s\" -> \"%s\"\n%s", - op->o_req_dn.bv_val, mdn.bv_val, "" ); -#endif /* !NEW_LOGGING */ - break; - - case REWRITE_REGEXEC_UNWILLING: - send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "Operation not allowed" ); - return( -1 ); - - case REWRITE_REGEXEC_ERR: - send_ldap_error( op, rs, LDAP_OTHER, - "Rewrite error" ); - return( -1 ); +#ifdef ENABLE_REWRITE + dc.ctx = "modrDn"; +#endif + if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) { + send_ldap_result( op, rs ); + return -1; } -#else /* !ENABLE_REWRITE */ - ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 ); -#endif /* !ENABLE_REWRITE */ rs->sr_err = ldap_rename( lc->ld, mdn.bv_val, - op->oq_modrdn.rs_newrdn.bv_val, mnewSuperior.bv_val, - op->oq_modrdn.rs_deleteoldrdn, op->o_ctrls, + op->orr_newrdn.bv_val, mnewSuperior.bv_val, + op->orr_deleteoldrdn, op->o_ctrls, NULL, &msgid ); if ( mdn.bv_val != op->o_req_dn.bv_val ) { diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c index 3bdaf1c2ad..31158d7a31 100644 --- a/servers/slapd/back-ldap/search.c +++ b/servers/slapd/back-ldap/search.c @@ -74,6 +74,7 @@ ldap_back_search( struct berval mfilter = { 0, NULL }; struct slap_limits_set *limit = NULL; int isroot = 0; + dncookie dc; lc = ldap_back_getconn(op, rs); if ( !lc ) { @@ -146,42 +147,20 @@ ldap_back_search( /* * Rewrite the search base, if required */ + dc.li = li; #ifdef ENABLE_REWRITE - switch ( rewrite_session( li->rwinfo, "searchBase", - op->o_req_dn.bv_val, op->o_conn, &mbase.bv_val ) ) { - case REWRITE_REGEXEC_OK: - if ( mbase.bv_val == NULL ) { - mbase = op->o_req_dn; - } else { - mbase.bv_len = strlen( mbase.bv_val ); - } -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDAP, DETAIL1, - "[rw] searchBase: \"%s\" -> \"%s\"\n", - op->o_req_dn.bv_val, mbase.bv_val, 0 ); -#else /* !NEW_LOGGING */ - Debug( LDAP_DEBUG_ARGS, "rw> searchBase: \"%s\" -> \"%s\"\n%s", - op->o_req_dn.bv_val, mbase.bv_val, "" ); -#endif /* !NEW_LOGGING */ - break; - - case REWRITE_REGEXEC_UNWILLING: - rs->sr_err = LDAP_UNWILLING_TO_PERFORM; - rs->sr_text = "Operation not allowed"; - rc = -1; - goto finish; - - case REWRITE_REGEXEC_ERR: - rs->sr_err = LDAP_OTHER; - rs->sr_text = "Rewrite error"; - rc = -1; - goto finish; + dc.conn = op->o_conn; + dc.rs = rs; + dc.ctx = "searchBase"; +#else + dc.tofrom = 1; + dc.normalized = 0; +#endif + if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mbase ) ) { + send_ldap_result( op, rs ); + return -1; } -#else /* !ENABLE_REWRITE */ - ldap_back_dn_massage( li, &op->o_req_dn, &mbase, 0, 1 ); -#endif /* !ENABLE_REWRITE */ - #ifdef ENABLE_REWRITE rc = ldap_back_filter_map_rewrite_( li->rwinfo, op->o_conn, &li->at_map, &li->oc_map, op->oq_search.rs_filter, &mfilter, @@ -335,44 +314,22 @@ fail:; if (rc == -1) goto fail; -#ifdef ENABLE_REWRITE /* * Rewrite the matched portion of the search base, if required */ - if ( match != NULL ) { - switch ( rewrite_session( li->rwinfo, "matchedDn", - match, op->o_conn, (char **)&rs->sr_matched ) ) { - case REWRITE_REGEXEC_OK: - if ( rs->sr_matched == NULL ) { - rs->sr_matched = ( char * )match; - } -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDAP, DETAIL1, - "[rw] matchedDn:" " \"%s\" -> \"%s\"\n", match, rs->sr_matched, 0 ); -#else /* !NEW_LOGGING */ - Debug( LDAP_DEBUG_ARGS, "rw> matchedDn:" - " \"%s\" -> \"%s\"\n%s", - match, rs->sr_matched, "" ); -#endif /* !NEW_LOGGING */ - break; - - case REWRITE_REGEXEC_UNWILLING: - - case REWRITE_REGEXEC_ERR: - /* FIXME: no error, but no matched ... */ - rs->sr_matched = NULL; - break; - } - } -#else /* !ENABLE_REWRITE */ if ( match != NULL ) { struct berval dn, mdn; +#ifdef ENABLE_REWRITE + dc.ctx = "matchedDn"; +#else + dc.tofrom = 0; + dc.normalized = 0; +#endif ber_str2bv(match, 0, 0, &dn); - ldap_back_dn_massage(li, &dn, &mdn, 0, 0); + ldap_back_dn_massage(&dc, &dn, &mdn); rs->sr_matched = mdn.bv_val; } -#endif /* !ENABLE_REWRITE */ if ( rs->sr_v2ref ) { rs->sr_err = LDAP_REFERRAL; } @@ -422,6 +379,7 @@ ldap_build_entry( int last; int private = flags & LDAP_BUILD_ENTRY_PRIVATE; int normalize = flags & LDAP_BUILD_ENTRY_NORMALIZE; + dncookie dc; /* safe assumptions ... */ assert( ent ); @@ -430,37 +388,22 @@ ldap_build_entry( if ( ber_scanf( &ber, "{m{", bdn ) == LBER_ERROR ) { return LDAP_DECODING_ERROR; } -#ifdef ENABLE_REWRITE /* * Rewrite the dn of the result, if needed */ - switch ( rewrite_session( li->rwinfo, "searchResult", - bdn->bv_val, op->o_conn, - &ent->e_name.bv_val ) ) { - case REWRITE_REGEXEC_OK: - if ( ent->e_name.bv_val == NULL ) { - ent->e_name = *bdn; - } else { -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDAP, DETAIL1, - "[rw] searchResult: \"%s\"" " -> \"%s\"\n", - bdn->bv_val, ent->e_dn, 0 ); -#else /* !NEW_LOGGING */ - Debug( LDAP_DEBUG_ARGS, "rw> searchResult: \"%s\"" - " -> \"%s\"\n%s", bdn->bv_val, ent->e_dn, "" ); -#endif /* !NEW_LOGGING */ - ent->e_name.bv_len = strlen( ent->e_name.bv_val ); - } - break; - - case REWRITE_REGEXEC_ERR: - case REWRITE_REGEXEC_UNWILLING: + dc.li = li; +#ifdef ENABLE_REWRITE + dc.conn = op->o_conn; + dc.rs = NULL; + dc.ctx = "searchResult"; +#else + dc.tofrom = 0; + dc.normalized = 0; +#endif + if ( ldap_back_dn_massage( &dc, bdn, &ent->e_name ) ) { return LDAP_OTHER; } -#else /* !ENABLE_REWRITE */ - ldap_back_dn_massage( li, bdn, &ent->e_name, 0, 0 ); -#endif /* !ENABLE_REWRITE */ /* * Note: this may fail if the target host(s) schema differs @@ -575,63 +518,16 @@ ldap_build_entry( * ACLs to the target directory server, and letting * everything pass thru the ldap backend. */ - } else if ( strcmp( attr->a_desc->ad_type->sat_syntax->ssyn_oid, - SLAPD_DN_SYNTAX ) == 0 ) { + } else if ( attr->a_desc->ad_type->sat_syntax == + slap_schema.si_syn_distinguishedName ) { for ( bv = attr->a_vals; bv->bv_val; bv++ ) { - struct berval newval; + struct berval newval = {0,NULL}; -#ifdef ENABLE_REWRITE - switch ( rewrite_session( li->rwinfo, - "searchResult", - bv->bv_val, - op->o_conn, - &newval.bv_val )) { - case REWRITE_REGEXEC_OK: - /* left as is */ - if ( newval.bv_val == NULL ) { - break; - } - newval.bv_len = strlen( newval.bv_val ); -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDAP, DETAIL1, - "[rw] searchResult on attr=%s: \"%s\" -> \"%s\"\n", - attr->a_desc->ad_type->sat_cname.bv_val, - bv->bv_val, newval.bv_val ); -#else /* !NEW_LOGGING */ - Debug( LDAP_DEBUG_ARGS, - "rw> searchResult on attr=%s: \"%s\" -> \"%s\"\n", - attr->a_desc->ad_type->sat_cname.bv_val, - bv->bv_val, newval.bv_val ); -#endif /* !NEW_LOGGING */ - free( bv->bv_val ); - *bv = newval; - break; - - case REWRITE_REGEXEC_UNWILLING: - LBER_FREE(bv->bv_val); - bv->bv_val = NULL; - if (--last < 0) - goto next_attr; - *bv = attr->a_vals[last]; - attr->a_vals[last].bv_val = NULL; - bv--; - break; - - case REWRITE_REGEXEC_ERR: - /* - * FIXME: better give up, - * skip the attribute - * or leave it untouched? - */ - break; - } -#else /* !ENABLE_REWRITE */ - ldap_back_dn_massage( li, bv, &newval, 0, 0 ); - if ( bv->bv_val != newval.bv_val ) { + ldap_back_dn_massage( &dc, bv, &newval ); + if ( newval.bv_val && bv->bv_val != newval.bv_val ) { LBER_FREE( bv->bv_val ); + *bv = newval; } - *bv = newval; -#endif /* !ENABLE_REWRITE */ } } @@ -688,6 +584,7 @@ ldap_back_entry_get( char *filter = NULL; Connection *oconn; SlapReply rs; + dncookie dc; /* Tell getconn this is a privileged op */ is_oc = op->o_do_not_cache; @@ -706,35 +603,19 @@ ldap_back_entry_get( /* * Rewrite the search base, if required */ + dc.li = li; #ifdef ENABLE_REWRITE - switch ( rewrite_session( li->rwinfo, "searchBase", - ndn->bv_val, op->o_conn, &mdn.bv_val ) ) { - case REWRITE_REGEXEC_OK: - if ( mdn.bv_val == NULL ) { - mdn = *ndn; - } else { - mdn.bv_len = strlen( mdn.bv_val ); - } - -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDAP, DETAIL1, - "[rw] searchBase: \"%s\" -> \"%s\"\n", - ndn->bv_val, mdn.bv_val, 0 ); -#else /* !NEW_LOGGING */ - Debug( LDAP_DEBUG_ARGS, "rw> searchBase: \"%s\" -> \"%s\"\n", - ndn->bv_val, mdn.bv_val, 0 ); -#endif /* !NEW_LOGGING */ - break; - - case REWRITE_REGEXEC_UNWILLING: - case REWRITE_REGEXEC_ERR: + dc.conn = op->o_conn; + dc.rs = &rs; + dc.ctx = "searchBase"; +#else + dc.tofrom = 1; + dc.normalized = 1; +#endif + if ( ldap_back_dn_massage( &dc, ndn, &mdn ) ) { return 1; } -#else /* !ENABLE_REWRITE */ - ldap_back_dn_massage( li, ndn, &mdn, 0, 1 ); -#endif /* !ENABLE_REWRITE */ - ldap_back_map(&li->at_map, &at->ad_cname, &mapped, BACKLDAP_MAP); if (mapped.bv_val == NULL || mapped.bv_val[0] == '\0') { rc = 1; diff --git a/servers/slapd/back-ldap/suffixmassage.c b/servers/slapd/back-ldap/suffixmassage.c index c392207b3a..f4a31c1f78 100644 --- a/servers/slapd/back-ldap/suffixmassage.c +++ b/servers/slapd/back-ldap/suffixmassage.c @@ -30,8 +30,6 @@ #include "portable.h" -#ifndef ENABLE_REWRITE - #include #include @@ -39,79 +37,134 @@ #include "slap.h" #include "back-ldap.h" +#ifdef ENABLE_REWRITE +int +ldap_back_dn_massage( + dncookie *dc, + struct berval *dn, + struct berval *res +) +{ + int rc = 0; + + switch (rewrite_session( dc->li->rwinfo, dc->ctx, dn->bv_val, dc->conn, + &res->bv_val )) { + case REWRITE_REGEXEC_OK: + if ( res->bv_val != NULL && res->bv_val[ 0 ] != '\0' ) { + res->bv_len = strlen( res->bv_val ); + } else { + *res = *dn; + } +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDAP, DETAIL1, + "[rw] %s: \"%s\" -> \"%s\"\n", dc->ctx, dn->bv_val, res->bv_val ); +#else /* !NEW_LOGGING */ + Debug( LDAP_DEBUG_ARGS, + "[rw] %s: \"%s\" -> \"%s\"\n", dc->ctx, dn->bv_val, res->bv_val ); +#endif /* !NEW_LOGGING */ + break; + + case REWRITE_REGEXEC_UNWILLING: + if ( dc->rs ) { + dc->rs->sr_err = LDAP_UNWILLING_TO_PERFORM; + dc->rs->sr_text = "Operation not allowed"; + } + rc = -1; + break; + + case REWRITE_REGEXEC_ERR: + if ( dc->rs ) { + dc->rs->sr_err = LDAP_OTHER; + dc->rs->sr_text = "Rewrite error"; + } + rc = -1; + break; + } + return rc; +} + +#else /* * ldap_back_dn_massage * * Aliases the suffix; based on suffix_alias (servers/slapd/suffixalias.c). */ -void +int ldap_back_dn_massage( - struct ldapinfo *li, + dncookie *dc, struct berval *dn, - struct berval *res, - int normalized, - int tofrom + struct berval *res ) { int i, src, dst; + struct berval pretty = {0,NULL}; assert( res ); - if ( dn == NULL ) { + if ( dn == NULL ) { res->bv_val = NULL; res->bv_len = 0; - return; + return 0; } - if ( li == NULL || li->suffix_massage == NULL ) { + if ( dc->li == NULL || dc->li->suffix_massage == NULL ) { *res = *dn; - return; + return 0; } - if ( tofrom ) { - src = 0 + normalized; - dst = 2 + normalized; + if ( dc->tofrom ) { + src = 0 + dc->normalized; + dst = 2 + dc->normalized; } else { - src = 2 + normalized; - dst = 0 + normalized; + src = 2 + dc->normalized; + dst = 0 + dc->normalized; + /* DN from remote server may be in arbitrary form. + * Pretty it so we can parse reliably. + */ + dnPretty2( NULL, dn, &pretty ); + if (pretty.bv_val) dn = &pretty; } - for ( i = 0; - li->suffix_massage[i].bv_val != NULL; - i += 4 ) { - int aliasLength = li->suffix_massage[i+src].bv_len; - int diff = dn->bv_len - aliasLength; + for ( i = 0; + dc->li->suffix_massage[i].bv_val != NULL; + i += 4 ) { + int aliasLength = dc->li->suffix_massage[i+src].bv_len; + int diff = dn->bv_len - aliasLength; - if ( diff < 0 ) { - /* alias is longer than dn */ - continue; - } else if ( diff > 0 ) { - if ( normalized && ( ! DN_SEPARATOR(dn->bv_val[diff-1]) ) ) { - /* boundary is not at a DN separator */ - continue; - } - /* At a DN Separator */ - /* XXX or an escaped separator... oh well */ - } + if ( diff < 0 ) { + /* alias is longer than dn */ + continue; + } else if ( diff > 0 && ( !DN_SEPARATOR(dn->bv_val[diff-1]))) { + /* boundary is not at a DN separator */ + continue; + /* At a DN Separator */ + } - if ( !strcmp( li->suffix_massage[i+src].bv_val, &dn->bv_val[diff] ) ) { - res->bv_len = diff + li->suffix_massage[i+dst].bv_len; - res->bv_val = ch_malloc( res->bv_len + 1 ); - strncpy( res->bv_val, dn->bv_val, diff ); - strcpy( &res->bv_val[diff], li->suffix_massage[i+dst].bv_val ); + if ( !strcmp( dc->li->suffix_massage[i+src].bv_val, &dn->bv_val[diff] ) ) { + res->bv_len = diff + dc->li->suffix_massage[i+dst].bv_len; + res->bv_val = ch_malloc( res->bv_len + 1 ); + strncpy( res->bv_val, dn->bv_val, diff ); + strcpy( &res->bv_val[diff], dc->li->suffix_massage[i+dst].bv_val ); #ifdef NEW_LOGGING LDAP_LOG ( BACK_LDAP, ARGS, "ldap_back_dn_massage: converted \"%s\" to \"%s\"\n", dn->bv_val, res->bv_val, 0 ); #else - Debug( LDAP_DEBUG_ARGS, - "ldap_back_dn_massage:" + Debug( LDAP_DEBUG_ARGS, + "ldap_back_dn_massage:" " converted \"%s\" to \"%s\"\n", - dn->bv_val, res->bv_val, 0 ); + dn->bv_val, res->bv_val, 0 ); #endif - break; - } - } + break; + } + } + /* Nothing matched, just return the original DN */ + if (res->bv_val == NULL) { + *res = *dn; + } + if (pretty.bv_val) { + ch_free(pretty.bv_val); + } - return; + return 0; } #endif /* !ENABLE_REWRITE */ -- 2.39.5